Class CryptoUtils

java.lang.Object
com.saperion.common.crypto.CryptoUtils

public class CryptoUtils extends Object
Utility class of the crypto package.
Author:
veg, agz
  • Method Details

    • newKeyPairWithKeyTool

      public static void newKeyPairWithKeyTool(String keyStore, String storeType, String storePassword, String alias, CipherStrategy cipherStrategy, int daysValid, String keySignAlgorithm, String keyDn, String keyPassword) throws IOException, InterruptedException
      Creates a new KeyPair and adds it to the given key store under the specified alias using the standard JDK key tool executable (keytool).

      For this to work, the key tool must be located on the system path.

      Note: the key tool invocation may block when necessary input parameters (such as storePassword or keyPassword) are missing. In that case the key tool waits for manual input, depending on the selected key store type.

      The specified key store, storage type, alias, cipher strategy, key sign algorithm and key DN must not be null.

      The specified days valid must be > 0.

      Parameters:
      keyStore - the path to the key store the key pair should be added to
      storeType - the type of the key store (JKS etc.)
      storePassword - the optional password for the key store to add the key to. Depending on the key store type, this must or must not be null
      alias - the alias under which the key should be stored within the key store
      cipherStrategy - the CipherStrategy to use
      daysValid - the number of days this key should be valid (e.g. 365)
      keySignAlgorithm - the algorithm to use for key signing (e.g. SHA256withRSA)
      keyDn - the distinguished name to use for the certificate (e.g. CN=Integration Server, O=SAPERION, L=Berlin, C=DE)
      keyPassword - the optional password for the key. Depending on the key store type, this can or cannot be null
      Throws:
      IOException - if an IO error occurs
      InterruptedException - if the process was interrupted
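
      Added example, not SAPERION's implementation: one way to call keytool from Java so that the blocking described in the note above cannot occur. Stdin is closed, the wait is bounded, and the store password is handed over with keytool's `:env` modifier instead of as a command-line argument. The class name, the `KS_PASS` variable, RSA 3072 in place of a CipherStrategy, and the 60-second limit are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.concurrent.TimeUnit;

public class KeytoolNonBlocking {

    /** Runs "keytool -genkeypair" without ever waiting on console input (hypothetical helper). */
    static int genKeyPair(Path keyStore, String storeType, char[] storePassword,
                          String alias, int daysValid, String sigAlg, String dn)
            throws IOException, InterruptedException {
        if (daysValid <= 0) {
            throw new IllegalArgumentException("daysValid must be > 0");
        }
        ProcessBuilder pb = new ProcessBuilder(List.of(
                "keytool", "-genkeypair",
                "-keystore", keyStore.toString(), "-storetype", storeType,
                "-alias", alias, "-keyalg", "RSA", "-keysize", "3072",
                "-validity", Integer.toString(daysValid),
                "-sigalg", sigAlg, "-dname", dn,
                // :env tells keytool to read the password from an environment
                // variable, keeping it out of the process argument list.
                "-storepass:env", "KS_PASS"));
        pb.environment().put("KS_PASS", new String(storePassword));
        // Discard output so a full pipe buffer cannot stall the child either.
        pb.redirectErrorStream(true);
        pb.redirectOutput(ProcessBuilder.Redirect.DISCARD);
        Process p = pb.start();
        p.getOutputStream().close(); // EOF on stdin: a prompt cannot wait for input
        if (!p.waitFor(60, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("keytool did not finish within 60 s");
        }
        return p.exitValue();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the key store is written to a temp directory.
        Path dir = Files.createTempDirectory("ks-demo");
        int rc = genKeyPair(dir.resolve("demo.p12"), "PKCS12", "changeit".toCharArray(),
                "integration", 365, "SHA256withRSA",
                "CN=Integration Server, O=SAPERION, L=Berlin, C=DE");
        System.out.println("keytool exit code: " + rc);
    }
}
```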
    • newCertificate

      public static X509Certificate newCertificate(String dn, Pair<Key,Key> pairKeys, int days, String algorithm)
      Creates a new self-signed X.509 Certificate.

      This is needed, for example, when writing a private key to a key store.

      Currently the certificate does not contain any extensions.

      The specified dn, pair of keys and algorithm must not be null.

      Parameters:
      dn - the distinguished name, e.g. "CN=Test, L=London, C=GB"
      pairKeys - the Pair of Keys - e.g. generated by Cipher.newKeys()
      days - how many days from now the Certificate is valid for
      algorithm - the signing algorithm, e.g. "SHA1withRSA"
      Returns:
      the Certificate
    • parseFromX509EncodedData

      public static RSAPublicKey parseFromX509EncodedData(InputStream inputStream, Charset charset)
      This method parses an RSAPublicKey from X509 encoded data. For example, the data might have been read from a public key file in the format:

       -----BEGIN PUBLIC KEY-----
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpjFOHYRA1DJBVWXzUxV
       V8B/tBUhzRoZo/uKfk9kSFUeOi+wBGLtiALPqKW/OXn8CBSkBsTJErnmTZfnXDS8
       IRfMwODjzRMYFdXUkDju+rKsA0Bix77t00wluhBu3nzZc01ynE/kWO5QyHuOL5WX
       P5bkG/qi2Q8c+PTRw51dsjmNgbVF5NDQDcP5vNo3QPmJIAAntkoPOj7c0P68KI0y
       O65dAkgpdOHAZznfg+U6IRYrXxFprlf/mGjIuxSF4slaFxIQIgqUclj+c0JRdgEg
       I3oPy5m2KalFRJw4pHwEaBPwQQO5VN6XJp/CS0W7KwsLRjbcEEuQKSSeIablY/qH
       YQIDAQAB
       -----END PUBLIC KEY-----
       

      Parameters:
      inputStream - an input stream containing the data to parse
      charset - the charset used when reading from the stream
      Returns:
      an RSAPublicKey as parsed from the data
      Throws:
      IllegalStateException - when the key could not be parsed
    • parseFromX509EncodedData

      public static RSAPublicKey parseFromX509EncodedData(String data)
      This method parses an RSAPublicKey from X509 encoded data. For example, the data might have been read from a public key file in the format:

       -----BEGIN PUBLIC KEY-----
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpjFOHYRA1DJBVWXzUxV
       V8B/tBUhzRoZo/uKfk9kSFUeOi+wBGLtiALPqKW/OXn8CBSkBsTJErnmTZfnXDS8
       IRfMwODjzRMYFdXUkDju+rKsA0Bix77t00wluhBu3nzZc01ynE/kWO5QyHuOL5WX
       P5bkG/qi2Q8c+PTRw51dsjmNgbVF5NDQDcP5vNo3QPmJIAAntkoPOj7c0P68KI0y
       O65dAkgpdOHAZznfg+U6IRYrXxFprlf/mGjIuxSF4slaFxIQIgqUclj+c0JRdgEg
       I3oPy5m2KalFRJw4pHwEaBPwQQO5VN6XJp/CS0W7KwsLRjbcEEuQKSSeIablY/qH
       YQIDAQAB
       -----END PUBLIC KEY-----
       

      Parameters:
      data - the data to parse
      Returns:
      an RSAPublicKey as parsed from the data
      Throws:
      IllegalStateException - when the key could not be parsed
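
      Added example, not the library's own code: how a PEM "PUBLIC KEY" block like the ones shown for both parseFromX509EncodedData overloads can be decoded with the standard JDK classes, failing with IllegalStateException as documented above. The class name, the `minBits` parameter and the modulus-length check are assumptions added for illustration; the sample key is generated at run time.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class PemRsaPublicKey {
    private static final String BEGIN = "-----BEGIN PUBLIC KEY-----";
    private static final String END = "-----END PUBLIC KEY-----";

    /** Parses an X.509 SubjectPublicKeyInfo in PEM form into an RSAPublicKey (hypothetical helper). */
    static RSAPublicKey parse(String pem, int minBits) {
        int start = pem.indexOf(BEGIN);
        int end = pem.indexOf(END);
        if (start < 0 || end < start) {
            throw new IllegalStateException("no PUBLIC KEY block found");
        }
        // Strip whitespace only and use the strict decoder, so stray characters
        // are rejected instead of silently skipped as the MIME decoder would do.
        String body = pem.substring(start + BEGIN.length(), end).replaceAll("\\s", "");
        try {
            byte[] der = Base64.getDecoder().decode(body);
            RSAPublicKey key = (RSAPublicKey) KeyFactory.getInstance("RSA")
                    .generatePublic(new X509EncodedKeySpec(der));
            if (key.getModulus().bitLength() < minBits) {
                throw new IllegalStateException("RSA modulus shorter than " + minBits + " bits");
            }
            return key;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            throw new IllegalStateException("could not parse RSA public key", e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a fresh 2048-bit key, PEM-encoded with 64-character lines.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) gen.generateKeyPair().getPublic();
        String b64 = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                .encodeToString(pub.getEncoded());
        String pem = BEGIN + "\n" + b64 + "\n" + END + "\n";
        System.out.println("round trip ok: " + parse(pem, 2048).getModulus().equals(pub.getModulus()));
        try { parse(pem, 4096); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```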
    • loadX509CertificateFromBase64EncodedString

      public static X509Certificate loadX509CertificateFromBase64EncodedString(String encodedString)
      This method loads an X.509 encoded certificate from a Base64 encoded string (PEM format). Example:

       -----BEGIN CERTIFICATE-----
       MIICszCCAZsCBgFiBTBbQTANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJTcHJp
       bmdCb290S2V5Y2xvYWswHhcNMTgwMzA4MTAzNjE3WhcNMjgwMzA4MTAzNzU3WjAd
       MRswGQYDVQQDDBJTcHJpbmdCb290S2V5Y2xvYWswggEiMA0GCSqGSIb3DQEBAQUA
       A4IBDwAwggEKAoIBAQCHtMFrciS+uW2+TgaEa5SphnSd3T5g/ToUiI9OWMD1K3jE
       iJ+xeYZ5/5+XRlgyZRLOUVHjU0bQwTCsvsUb/cFsYfTr1/pmRSKFVWs2wCNEq4sC
       Sl0Mut0Tn10MqYOh2eBBon+eyeP+m7HRpQ0Zwvx27D7mHJSUF4ElBuTQXeTRYlRR
       EMA73Bknbz+PjY8i2LzX8eCYxDCxc/ZsgvLjqbGa7UTYEoW1WzYu/GFyasHZyBAW
       OX7ngUwm4Qj9o4Z5qPEdhfIt81aaFW7sG+n7T8MX54wswNtVUwfqY2fsQ1yYukVB
       EtEUJPfeL9bFyMPkb49ILGLxXWctGZDT337rsYm5AgMBAAEwDQYJKoZIhvcNAQEL
       BQADggEBAFM40Mbd65wbAS22BR/eLKDB16UGw9Aq/vk78oYoufZxRmZSnTK66wNm
       /AEvuhJivVK17x48BBSUJCqL+31t2L8Nx9pTYEDKtVzj2YiNJBxqDeU2eneP6Yb7
       o3k2BflmRAGprtjxBcJCQ/aZe0Ipg/DPoxIYlJNcb4mEJLhnyk4QSzNiXd2jS5fi
       Bb0TcuVY8tfmaLbUkufYbh7bK+IH1/B5D09afsR0n354Lmb4FRMIOFa0ZGKczcOd
       yXaFuvXNARmfytuV4LJpOXE2CzK9NJcXFocvAxSEXZF7hYY9sBDnn5KVJdYoaq9P
       cR5W9x+nC28pYR85eEcYMl/B+PsKL9o=
       -----END CERTIFICATE-----
       

      Parameters:
      encodedString - the Base64 encoded string to parse
      Returns:
      the parsed new X509Certificate